#Security & SIEM

How Logz.io Secures Customer Log Data

By: Asaf Yigal

A certain amount of confidence is needed when relying on third party vendors to manage and handle your online data and log files securely. Therefore the need exists for a solution that protects the integrity of your data, in its entirety, around the clock.

Built by enterprise security veterans hailing from firewall innovator Check Point Software, Logz.io goes above and beyond to support and protect our customers’ secure environments with log management and analysis. This white paper delves into how we developed our innovative microservices architecture to integrate best-of-breed technology with meticulous organizational processes and a human touch for online service security.

First, our culture and internal development, operations, and DevOps processes themselves have been constructed to provide maximum data security. Second, from network and cloud instance logical security to physical data center security, we are able to secure services, data, and access. Finally, we instilled five key underlying features in our architecture at the beginning.

Internal R&D Processes

Security-oriented environments start with high coding standards that guard against attempted security breaches and are accompanied by rigorous code reviews and tests (such as code coverage testing). We employ the strictest development processes and coding standards to ensure that both adhere to the best security practices. In addition, our testing platform performs a set of various black box and white box tests for quality assurance (including ongoing penetration tests). R&D processes are implemented and supported with security as a first priority across all system layers, from the physical layers up to the application layer.

Physical Data Center Security

We rely on the Amazon cloud’s exceptionally flexible and secure cloud infrastructure to store data logically across multiple AWS cloud regions and availability zones. AWS makes abiding by industry and government requirements simple and ensures the utmost in data security and protection. For example, AWS infrastructure aligns with IT security best practices and follows a number of compliance standards such as:

  • SOC 1/SSAE
  • 16/ISAE 3402 (formerly SAS 70 Type II)
  • HIPAA
  • SOC 2
  • SOC 3
  • FISMA
  • DIACAP
  • FedRAMP

All data centers that run our solution are secured and monitored 24/7, and physical access to AWS facilities is strictly limited to select AWS cloud staff.

Instance and Network Security

Every microservice runs inside a well-defined Docker container that allows specific levels of access to select controllers. We use Docker to avoid erroneous instance-configuration changes, upgrades, and corruption that are common sources of security breaches. Additionally, we harden operating systems within containers to enable various network access controls (such as iptables).

We take the necessary precautions to ensure that every layer involved in data transfer is secured by best-of-breed technologies. Our network is segmented using AWS security groups, VPCs, ACLs, and additional custom measures. In addition, our threat-control center is kept up to date with security alerts that are analyzed and addressed in real-time. Through in-depth network monitoring, we are able to detect anomalies and take a proactive approach to eliminating potential breaches.

Customer Data Security

We secure each and every step of data funnel by provisioning dedicated data stores for each individual customer, ensuring full data-segregation. Data is tagged, segregated, and tunneled through our data-ingestion system. We mark each specific piece of given customer data according to its associated organization, which is associated with that data throughout its life cycle. When data is in transit in our ingestion pipeline, it is marked with specific information, including its associated customer, so that it can only be accessed by that customer. We support SSL encryption for data in transit, so customers can securely upload their data to the Logz.io cloud and securely browse through their own Logz.io console. Cold data is encrypted and hosted in separate Simple Storage Service (S3) buckets, which are secured via durable AES 256-bit encryption.

In addition, we continuously track and maintain the location and state of our customers’ data. That way, when we retire an operating system, for example, and decommission the related machine, we can be sure to wipe clean any informational residue that may have been left behind before returning the machine to AWS. Disks are specially formatted to ensure that data recovery is not possible at a later point in time.

Access Management

To further emphasize the points mentioned above, data security is more important now than ever before. We’re able to achieve higher privacy and security levels than most organizations. As a result of understanding the sensitivity of our customers’ log data, we have built and continue to maintain our system with enterprise-grade security in mind. Leveraging a multi-layered approach, Logz.io has a SOC team that handles security matters as well as security architects who define and implement security protocols, procedures, team education and enforcement. We put application and data security first.

Please feel free to contact us with any questions, suggestions or concerns about any of the points outlined above at: security@logz.io

You Might Also Like

Logz.io Cloud SIEM Honored with 6 Summer 2022 G2 Badges!Logz.io Cloud SIEM Honored with 6 Summer 2022 G2 Badges!

Logz.io Cloud SIEM Honored with 6 Summer 2022 G2 Badges!

Ship Logs from Docker with the Logz.io Fluentd ProxyShip Logs from Docker with the Logz.io Fluentd Proxy

Ship Logs from Docker with the Logz.io Fluentd Proxy

Get started for free

Completely free for 14 days, no strings attached.
Start Free Trial
Get a Demo